CVSS: 7.8EPSS: 5%CPEs: 123EXPL: 3CVE-2013-4473 – Mandriva Linux Security Advisory 2013-272
https://notcve.org/view.php?id=CVE-2013-4473
21 Nov 2013 — Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. Desbordamiento de búfer basado en pila en la función extractPages de utils/pdfseparate.cc en Poppler anterior a la versión 0.24.2 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un nombre de archivo fuente. P... • http://bugs.debian.org/723124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 17%CPEs: 123EXPL: 1CVE-2013-4474 – Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String
https://notcve.org/view.php?id=CVE-2013-4474
21 Nov 2013 — Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. Vulnerabilidad de formato de cadena en la función extractPages en utils/pdfseparate.cc de Poppler anterior a la versión 024.2 permite a atacantes remotos provocar una denegación de servicio (caída) a través de especificadores de cadena en un nombre de archivo de destino. Poppler is found ... • https://www.exploit-db.com/exploits/38817 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2010-4654 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2010-4654
07 Oct 2013 — poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. poppler versiones anteriores a la versión 0.16.3, tiene comandos malformados que pueden corromper la pila interna. Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected. • http://security.gentoo.org/glsa/glsa-201310-03.xml • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2010-4653 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2010-4653
07 Oct 2013 — An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. Puede ocurrir una condición de desbordamiento de enteros en poppler versiones anteriores a la versión 0.16.3, cuando analiza CharCodes para las fuentes. Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected. • http://security.gentoo.org/glsa/glsa-201310-03.xml • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2012-2142 – Slackware Security Advisory - xpdf Updates
https://notcve.org/view.php?id=CVE-2012-2142
23 Aug 2013 — The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. La función error en el archivo Error.cc en poppler versiones anteriores a 0.21.4, permite a atacantes remotos ejecutar comandos arbitrarios por medio de un PDF que contiene una secuencia de escape para un emulador terminal. New xpdf packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security... • http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40 •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 5CVE-2013-1788 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2013-1788
09 Apr 2013 — poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. poppler anterior a v0.22.1 permite a atacantes dependientes de contexto provocar una denegación de servicio (caída) y, posiblemente, ejecutar código de su elección a través de vectores que disparan un "acceso de memoria invalida" en (1) splash/Splash.cc... • http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2013-1790 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2013-1790
09 Apr 2013 — poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. poppler/Stream.cc en poppler anterior a 0.22.1 permite a atacantes dependientes de contexto tener un impacto no especificado a través de vectores que provocan una lectura de memoria no inicializada por la función CCITTFaxStream::lookChar Multiple vulnerabilities have been found in Poppler, some of which m... • http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2013-1789 – Gentoo Linux Security Advisory 201310-03
https://notcve.org/view.php?id=CVE-2013-1789
09 Apr 2013 — splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. splash/Splash.cc en poppler anterior a v0.22.1 permite a atacantes dependientes de contexto provocar una denegación de servicio (referencia NULL y caída de la aplicación) a través de vectores relacionados con las funciones (1) Splash::arbitrar... • http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec •
CVSS: 7.5EPSS: 1%CPEs: 29EXPL: 0CVE-2010-3702 – xpdf: uninitialized Gfx::parser pointer dereference
https://notcve.org/view.php?id=CVE-2010-3702
05 Nov 2010 — The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. La función Gfx::getPos en el analizador PDF en Xpdf versión anterior a 3.02 PL5, Poppler versión 0.8.7 y posiblemente otras versiones hasta la 0.15.1, CUPS, kdegraphics, y posiblemente otros producto... • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 75EXPL: 0CVE-2010-3704 – xpdf: array indexing error in FoFiType1::parse()
https://notcve.org/view.php?id=CVE-2010-3704
05 Nov 2010 — The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. La función FoFiType1::parse en fofi/FoFiType1.cc del parsead... • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch • CWE-20: Improper Input Validation •